Click here to Skip to main content
65,938 articles
CodeProject is changing. Read more.
Articles / Ajax

Ionic Angular App as a Website Front-end - AJAX/CORS Solutions

4.50/5 (2 votes)
17 Jan 2016CPOL3 min read 8.2K  
Ionic Angular App as a Website Front-end - AJAX/CORS solutions

Ionic and Angular are great frameworks for building single page web apps. If you want to create an app that you can then deploy on almost any mobile device out there based on HTML5 and Javascript (JS), then you are starting in a good place.

If you are just building an app that does not communicate to other websites and deals only with information stored locally or already on the app, then you will have no issues. What the guides do not explain well is all the issues you will have communicating with other websites. These are JS features (or limitations) that protect users from malicious js code. Native Android (dalvik) and iOS (Objective-C/Swift) apps do not have that limitations, so native developers may be unfamiliar with these restrictions.

This article will help you identify and solve some common pitfalls when building an ionic app. The source code to the sample ionic app is available on github.

Typical architecture for an Ionic App as a web site front-end.

Make Sure Your Server Allows Remote Access by JavaScript

If you are communicating to another server, you will need to set it up to allow for Cross-Origin Resource Shared (CORS) access or JS will not be able to read the responses. If the server you want to talk to is not your own and does not have Access-Control-Allow-Origin in its response headers set to where you need it (generally '*' or 'file://'), then you'll need to find a different way such as a proxy or a native app.

In Apache's httpd.conf file, you will need something like this on the directory you want to allow access to:

XML
<Directory "/your_www_dir">
  #You may prefer "file://" instead of "*" because it is more restrictive
  Header set Access-Control-Allow-Origin "*"
  ...

Or this can be done in your host language. For PHP:

PHP
//When testing app locally, it will be run from localhost:8100
$client_origin = "";
if (array_key_exists('HTTP_ORIGIN', $_SERVER)) {
    $client_origin = $_SERVER['HTTP_ORIGIN'];
}
if (stristr($client_origin, 'localhost') !== false) {
    $origin = "http://localhost:8100"; //test host
} else {
    $origin = "file://";
}//Allow only from two specific locations: testing, and from JS app
header("Access-Control-Allow-Origin: $origin");//To be less restrictive, 
                                                         //you can use this line below
//header("Access-Control-Allow-Origin: *");
//header("Access-Control-Allow-Methods: POST, GET, OPTIONS");

Make Sure Your Ionic Project has whitelists Enabled and Configured

Newer versions of Ionic projects seem to have this enabled by default, but if you do not have the whitelist plugin already, you will need to install it.

Check if the whitelist plugin is installed:

PHP
$ ionic plugin list
cordova-plugin-console 1.0.2 "Console"
... 
cordova-plugin-whitelist 1.2.0 "Whitelist"

If not, install it:

PHP
$ ionic plugin add https://github.com/apache/cordova-plugin-whitelist.git

Configure the app's config.xml file to allow access to outside sites (i.e., beyond 'file://'), add after <content src="index.html"/>. Add the last two lines to allow Android/iOS apps to open sites other than you own (if desired):

XML
<access origin="*"/>
<allow-intent href="*"/>
<allow-navigation href="*"/>

For iOS Apps, Check Your App Transport Security (ATS) Settings

When you do an app build, a platforms/ios/{app_name}/{app_name}-Info.plist file is created. If your app ONLY accesses HTTPS, you won't need to set this. Otherwise, add the bolded lines to the file:

XML
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs$
<plist version="1.0">
  <dict>
    ...
    <key>NSAppTransportSecurity</key>
    <dict>
      <key>NSAllowsArbitraryLoads</key>
      <true/>
    </dict>
  </dict>
</plist>

If this is not set, you may have communication issues and see the following error:

App Transport Security has blocked a cleartext HTTP (http://) 
resource load since it is insecure. Temporary exceptions can be configured via your app's Info.plist file.

Load Your Code or Try the Sample Project

The sample project uses the Angular $http service to communicate to a sample website. I use http://espn.go.com as an example because they send an Access-Control-Allow-Origin = '*' and allow us to test our app. You can see the response in the Message section and any errors in the Error section.

iOS App Publishing Tips

Getting an app running in the Apple App Store has its own set of challenges. Check out these Ionic iOS App Publishing tips: Publishing an Ionic Angular App for iOS - The Hidden Steps & Pitfalls.

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)